Hijacking Facebook Fan Pages

Recently I have been receiving lots of complains from RHA readers that their facebook fan pages are getting hacked. There is no rocket science or Zero day being used to hack facebook fan pages. However it's a simple facebook bug which helps the admins to remove another admin. However facebook should set up a rule that the original admins should not be removed. The following video by Sophos explains how easy it is to hijack facebook fan pages:






However it's quite strange to see according to facebook help page, Primary or original admin cannot be removed. However it's untrue. Which evolves the whole idea of Hijacking facebook fan pages.


Can multiple people use the same account to administer a Page?
Each business account or personal account on the site should only be used by one individual. This individual should be the owner of the email address used as the login email address for the account.

A Page can have multiple administrators. Each Page administrator will need to have their own business account or personal account. Every admin can manage the Page from their own Facebook account using the "Page Manager" application that will appear in the left hand column of the Applications section once they become an admin for a Page. Every admin has equal access to and the same abilities as the other admins for a Page.

Advice For Admins
  • Kindly don't make any one admins of your page, until you fully trust some one.
You might also like: